On Fri, 4 May 2001, Cees Hek wrote:
> On Thu, 3 May 2001, Barry Veinotte wrote:
>
> > [Thu May 3 15:06:57 2001] [error] Insecure dependency in open while
> > running with -T switch at
>/usr/local/www/vhosts/ad-eagle.com/cgi-bin/ad-eagle/lib/AdEagle.pm line 472.
> > The scripts using the .pm are running under Apache::Registry and have been running
> > fine. Then last night a "major" upgrade was done to the servers. Now the scripts
>are
> > dying with this error. None of them are running -T I don't think any on the
>server are,
> > and know none under Apache::Registry are.
> > Only Apache::Registry scripts are being affected. Anyone have any ideas as to
> > where I could start looking?
% perldoc perlsec
> Check your Apache config files for PerlTaintCheck On, and check all your
> registry scripts for the -T switch. Also, taint checking is automatically
> turned on when scripts are run setuid (I don't know if that can affect
> Registry scripts, but it's probably worth checking the file permissions on
> all your scripts and modules)
-T doesn't affect mod_perl scripts, only PerlTaintCheck. The same goes for
setuid, Apache::Registry scripts aren't executed as plain perl scripts.
Instead they are being read as plain files, placed into the handler()
function (and the package) and only then executed.
See: http://perl.apache.org/guide/porting.html#Taint_Mode
_____________________________________________________________________
Stas Bekman JAm_pH -- Just Another mod_perl Hacker
http://stason.org/ mod_perl Guide http://perl.apache.org/guide
mailto:[EMAIL PROTECTED] http://apachetoday.com http://eXtropia.com/
http://singlesheaven.com http://perl.apache.org http://perlmonth.com/
